Message ID | 20240521031645.17008-6-jarkko@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KEYS: asymmetric: tpm2_key_rsa | expand |
> -----Original Message----- > From: Jarkko Sakkinen <jarkko@kernel.org> > Sent: Tuesday, May 21, 2024 8:47 AM > To: Herbert Xu <herbert@gondor.apana.org.au> > Cc: linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; > Andreas.Fuchs@infineon.com; James Prestwood <prestwoj@gmail.com>; > David Woodhouse <dwmw2@infradead.org>; Eric Biggers > <ebiggers@kernel.org>; James Bottomley > <James.Bottomley@hansenpartnership.com>; Jarkko Sakkinen > <jarkko@kernel.org>; David S. Miller <davem@davemloft.net>; open > list:CRYPTO API <linux-crypto@vger.kernel.org>; open list <linux- > kernel@vger.kernel.org>; Peter Huewe <peterhuewe@gmx.de>; Jason > Gunthorpe <jgg@ziepe.ca>; James Bottomley > <James.Bottomley@HansenPartnership.com>; Mimi Zohar > <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; Paul Moore > <paul@paul-moore.com>; James Morris <jmorris@namei.org>; Serge E. Hallyn > <serge@hallyn.com>; open list:SECURITY SUBSYSTEM <linux-security- > module@vger.kernel.org> > Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to > TPM_LoadableKey > > ---------------------------------------------------------------------- > Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key > so that callers can differentiate different key types. > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > --- > drivers/char/tpm/tpm2_key.c | 14 +++++++++++--- > include/crypto/tpm2_key.h | 2 ++ > security/keys/trusted-keys/trusted_tpm2.c | 4 ++++ > 3 files changed, 17 insertions(+), 3 deletions(-) > > diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c > index 0112362e432e..59797dc232f1 100644 > --- a/drivers/char/tpm/tpm2_key.c > +++ b/drivers/char/tpm/tpm2_key.c > @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen, > const void *value, size_t vlen) > { > enum OID oid = look_up_OID(value, vlen); > - > - if (oid != OID_TPMSealedData) { > + struct tpm2_key *key = context; > + > + switch (oid) { > + case OID_TPMSealedData: > + pr_info("TPMSealedData\n"); > + break; > + case OID_TPMLoadableKey: > + pr_info("TPMLodableKey\n"); > + break; > + default: > char buffer[50]; > - > sprint_oid(value, vlen, buffer, sizeof(buffer)); > pr_debug("OID is \"%s\" which is not TPMSealedData\n", > buffer); Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey" Thanks -Bharat > return -EINVAL; > } > > + key->oid = oid; > return 0; > } > > diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h > index acf41b2e0c92..2d2434233000 100644 > --- a/include/crypto/tpm2_key.h > +++ b/include/crypto/tpm2_key.h > @@ -2,12 +2,14 @@ > #ifndef __LINUX_TPM2_KEY_H__ > #define __LINUX_TPM2_KEY_H__ > > +#include <linux/oid_registry.h> > #include <linux/slab.h> > > /* > * TPM2 ASN.1 key > */ > struct tpm2_key { > + enum OID oid; > u32 parent; > const u8 *blob; > u32 blob_len; > diff --git a/security/keys/trusted-keys/trusted_tpm2.c > b/security/keys/trusted-keys/trusted_tpm2.c > index f255388d32b8..ce4c667c3ee3 100644 > --- a/security/keys/trusted-keys/trusted_tpm2.c > +++ b/security/keys/trusted-keys/trusted_tpm2.c > @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, > payload->old_format = 1; > } else { > blob = key.blob; > + if (key.oid != OID_TPMSealedData) { > + tpm2_key_destroy(&key); > + return -EINVAL; > + } > } > > if (!blob) > -- > 2.45.1 >
On Tue May 21, 2024 at 8:47 AM EEST, Bharat Bhushan wrote: > > > > -----Original Message----- > > From: Jarkko Sakkinen <jarkko@kernel.org> > > Sent: Tuesday, May 21, 2024 8:47 AM > > To: Herbert Xu <herbert@gondor.apana.org.au> > > Cc: linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; > > Andreas.Fuchs@infineon.com; James Prestwood <prestwoj@gmail.com>; > > David Woodhouse <dwmw2@infradead.org>; Eric Biggers > > <ebiggers@kernel.org>; James Bottomley > > <James.Bottomley@hansenpartnership.com>; Jarkko Sakkinen > > <jarkko@kernel.org>; David S. Miller <davem@davemloft.net>; open > > list:CRYPTO API <linux-crypto@vger.kernel.org>; open list <linux- > > kernel@vger.kernel.org>; Peter Huewe <peterhuewe@gmx.de>; Jason > > Gunthorpe <jgg@ziepe.ca>; James Bottomley > > <James.Bottomley@HansenPartnership.com>; Mimi Zohar > > <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; Paul Moore > > <paul@paul-moore.com>; James Morris <jmorris@namei.org>; Serge E. Hallyn > > <serge@hallyn.com>; open list:SECURITY SUBSYSTEM <linux-security- > > module@vger.kernel.org> > > Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to > > TPM_LoadableKey > > > > ---------------------------------------------------------------------- > > Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key > > so that callers can differentiate different key types. > > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > --- > > drivers/char/tpm/tpm2_key.c | 14 +++++++++++--- > > include/crypto/tpm2_key.h | 2 ++ > > security/keys/trusted-keys/trusted_tpm2.c | 4 ++++ > > 3 files changed, 17 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c > > index 0112362e432e..59797dc232f1 100644 > > --- a/drivers/char/tpm/tpm2_key.c > > +++ b/drivers/char/tpm/tpm2_key.c > > @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen, > > const void *value, size_t vlen) > > { > > enum OID oid = look_up_OID(value, vlen); > > - > > - if (oid != OID_TPMSealedData) { > > + struct tpm2_key *key = context; > > + > > + switch (oid) { > > + case OID_TPMSealedData: > > + pr_info("TPMSealedData\n"); > > + break; > > + case OID_TPMLoadableKey: > > + pr_info("TPMLodableKey\n"); These should be pr_debug() (forgot to change). > > + break; > > + default: > > char buffer[50]; > > - > > sprint_oid(value, vlen, buffer, sizeof(buffer)); > > pr_debug("OID is \"%s\" which is not TPMSealedData\n", > > buffer); > > Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey" Right, I tried to apply minimal delta to patches where existing code needs to be carved to a new form :-) I think it could be just "OID \"%s\" is unknown"? BR, Jarkko
diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c index 0112362e432e..59797dc232f1 100644 --- a/drivers/char/tpm/tpm2_key.c +++ b/drivers/char/tpm/tpm2_key.c @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen, const void *value, size_t vlen) { enum OID oid = look_up_OID(value, vlen); - - if (oid != OID_TPMSealedData) { + struct tpm2_key *key = context; + + switch (oid) { + case OID_TPMSealedData: + pr_info("TPMSealedData\n"); + break; + case OID_TPMLoadableKey: + pr_info("TPMLodableKey\n"); + break; + default: char buffer[50]; - sprint_oid(value, vlen, buffer, sizeof(buffer)); pr_debug("OID is \"%s\" which is not TPMSealedData\n", buffer); return -EINVAL; } + key->oid = oid; return 0; } diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h index acf41b2e0c92..2d2434233000 100644 --- a/include/crypto/tpm2_key.h +++ b/include/crypto/tpm2_key.h @@ -2,12 +2,14 @@ #ifndef __LINUX_TPM2_KEY_H__ #define __LINUX_TPM2_KEY_H__ +#include <linux/oid_registry.h> #include <linux/slab.h> /* * TPM2 ASN.1 key */ struct tpm2_key { + enum OID oid; u32 parent; const u8 *blob; u32 blob_len; diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index f255388d32b8..ce4c667c3ee3 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, payload->old_format = 1; } else { blob = key.blob; + if (key.oid != OID_TPMSealedData) { + tpm2_key_destroy(&key); + return -EINVAL; + } } if (!blob)
Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key so that callers can differentiate different key types. Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> --- drivers/char/tpm/tpm2_key.c | 14 +++++++++++--- include/crypto/tpm2_key.h | 2 ++ security/keys/trusted-keys/trusted_tpm2.c | 4 ++++ 3 files changed, 17 insertions(+), 3 deletions(-)